Re: WLC and AP Switch Port Configuration

joshwa · ‎02-11-2020

I am in a new network that has AP switch port configured as Trunk ports with the native vlan tagged. I have always read to have them set as access port with the vlan set. Is there any benefit to either of these options. I do like looking in switches and seeing the vlan in the show interface status.

Scott Fella · ‎02-11-2020

Trunk port is required if aps are autonomous or in FlexConnect mode with local switching. If you have a wlc and tunneling traffic back to the wlc, then you can have access ports. To be honest, doesn’t make a difference, maybe more of a preference of what you like to see, but either way can work.

-Scott
*** Please rate helpful posts ***

patoberli · ‎02-12-2020

Let's just say, trunk ports are very dangerous to the IT security, if you don't protect those ports with other measures like 802.1x. If an attacker is able to unplug the cable to the AP, he can access all VLANs in your network (which are in the trunk).

joshwa · ‎02-12-2020

Currently the AP gets its IPADDR from being in switchport trunk native vlan 800. I dont see the point having a truck connection since the AP is just passing traffic to the controller, but for FlexConnect, I can understand.

patoberli · ‎02-13-2020

This is correct. If the AP is running in local mode, you don't need a trunk port. This might be a legacy from a long time past, when you had autonomous APs. I suggest you change the configuration back to an access port.

Ashok09 · ‎01-09-2024

Good information

But suggest to configure

spanning-tree portfast trunk

stp bpdugard

the port will not go to the listening, learning states in case of a state change. This should not be configured on trunk ports connected to other Switches or STP enabled devices.